package com.ysf.cn.springbootshrio.util;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @author ysf
 * @date 2020/2/13 14:00
 */
@Configuration
public class ShrioConfig {

    /**
     * 凭证匹配器
     * @return
     */
    /*@Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher=new HashedCredentialsMatcher();
        //md5加密一次
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        hashedCredentialsMatcher.setHashIterations(1);
        return hashedCredentialsMatcher;
    }*/

    //整合ShiroDialect:用来整合 shiro 和 thymeleaf
    @Bean
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }

    /**
     * 自定义的realm
     * @return
     */
    @Bean
    public UserRealm userRealm(){
        UserRealm userRealm =new UserRealm();
        //userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return userRealm;
    }

    /**
     * 解决循环依赖的错误
     * @return
     */
    @Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }
    /**
     * 安全管理器
     * 注：使用shiro-spring-boot-starter 1.4时,返回类型是SecurityManager会报错,直接引用shiro-spring则不报错
     * @return
     */
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager securityManager(@Qualifier("userRealm") UserRealm userRealm){
        DefaultWebSecurityManager securityManager=new DefaultWebSecurityManager();
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    /*@Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        return shiroFilterFactoryBean;
    }*/

    @Bean(name = "shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(@Qualifier("securityManager") SecurityManager securityManager){
        System.out.println("拦截");
        ShiroFilterFactoryBean Bean=new ShiroFilterFactoryBean();
        Bean.setSecurityManager(securityManager);
//        Bean.setLoginUrl("/login");
//        Bean.setSuccessUrl("/");
        //设置未授权页面
//        Bean.setUnauthorizedUrl("/unauth");
        //注意此处使用的是LinkedHashMap ,是有顺序的,shiro会按从上到下的顺序匹配验证,匹配了就不在继续验证
        //所以上面的url要苛刻,宽松的url要放在下面,尤其是“/**”要放到最下面,如果放前面的话其后的验证规则就没作用了。
        //拦截
//        Map<String,String> filterMap=new LinkedHashMap<>();
        //授权
//        filterMap.put("/user/adds","perms[systemadd]");  //设置用户拥有add的权限才能访问 /user/adds下的页面
//        filterMap.put("/user/updates","perms[update]");  //设置用户拥有update的权限才能访问 /user/adds下的页面
//        filterMap.put("/static/**","anon");     //anon:无需认证就可以访问
//        filterMap.put("/login","anon");         //anon:无需认证就可以访问
//        //swagger 放行
//        filterMap.put("/swagger-ui.html","anon");
//        filterMap.put("/swagger-resources","anon");
//        filterMap.put("/v2/api-docs","anon");
//        filterMap.put("/webjars/springfox-swagger-ui/**","anon");
//        filterMap.put("/configuration/security","anon");
//        filterMap.put("/configuration/ui","anon");
//        filterMap.put("/captcha.jpg","anon");   //anon:无需认证就可以访问
//        filterMap.put("/favicon.ico", "anon");  //anon:无需认证就可以访问
//        filterMap.put("/**", "authc");          //authc:必须认证才能访问
//        Bean.setFilterChainDefinitionMap(filterMap);
        return Bean;
    }





}
